This is Dancho.
How to use this manual testimony?
- Reference me Dancho Danchev
- My web site (https://ddanchev.blogspot.com)
- My research portfolio as PoC (Proof of Concept) (https://archive.org/details/@ddanchev)
- My email address (dancho.danchev@hush.com; disruptive.individuals@gmail.com)
My key points:
- I have never received anyone's acknowledgment for my achievements or a reward
- I was never approached with any sort of acknowledgment by Facebook on my Koobface Gang research
- I'm publishing my own testimony with the idea that I'm looking for someone's acknowledgment for my contributions and impact in the field and as a possible form of financial reward achievement that I could get prior to publishing my manual testimony and in a way as a form for my retirement from the field
Key summary points that you didn't know:
- up to my invitation to join ZDNet in 2008, from 2005 to 2008, the only thing that mattered to me the most was to publish at my personal blog https://ddanchev.blogspot.com, never seeing or realizing any possible or potential income, and it really worked
- the modest amount for the articles that I was getting from ZDNet I was using to maintain a teenager lifestyle and it was enough
- prior to joining Webroot where I was surprisingly but according to me well deserved salary I was earning more than any of my colleagues or people that I knew online were
Quick Q&A:
Who are you?
I'm a 41-year-old security blogger, cybercrime researcher, OSINT analyst and threat intelligence analyst from Bulgaria. I've always been an independent contractor and I often work under NDAs.
What are you up to?
I'm trying to claim a reward from Rewards for Justice for my Conti Ransomware Gang research.
What do you want?
Acknowledgement from someone in the field for my Koobface Gang research from 2008 to 2013.
How can we assist?
Drop me a line and say hi and keep up the good work.
Date: 16.01.2025
Email: dancho.danchev@hush.com
Web Site: https://ddanchev.blogspot.com
Executive Summary:
Ladies and gentlemen, esteemed colleagues, and friends,
Today, I stand before you to shed light on a pressing issue that affects every single one of us in this digital age. It is a journey I have taken, inspired by the insights of a remarkable individual, Dancho Danchev. A cybersecurity expert who has navigated the complex and often murky waters of the information security industry. His self-hosted testimony resonates deeply, urging us to pause and reflect on how this industry functions, or rather how it is failing to function as it should.
In a world where everything is interconnected, we rely on technology to communicate, work, and thrive. Yet with every click of a button, we expose ourselves to vulnerabilities that can have dire consequences. Dancho Danchev’s experiences highlight the paradox we face. Despite our increased reliance on technology, the information security industry often seems ill-equipped to protect us from the very threats it promises to defend against.
Let us consider the core of Dancho’s testimony. He argues that while we have made significant advancements in technology, the industry itself has become bogged down by bureaucracy, profit motives, and a lack of genuine understanding of real threats. These issues create a chasm between what we need in cybersecurity and what is actually delivered. The industry is filled with products and services that are marketed as solutions but often do not address the root causes of our vulnerabilities.
Imagine for a moment that you are standing at the edge of a vast ocean. You see the waves crashing against the shore, powerful and relentless. You know that beneath the surface lies a world of unknowns. This is akin to our online presence. Every day, we dive into the digital ocean, armed with the tools provided by the information security industry. Yet, how many of us truly understand what lurks beneath the surface? How many of us are equipped to navigate through potential dangers?
Danchev’s testimony serves as a wake-up call. He emphasizes the importance of education and awareness. It is not enough to rely solely on technology to protect us. We must be proactive in our approach. We must take the time to educate ourselves about the risks and the challenges we face. It is about building a culture of cybersecurity awareness that transcends beyond just the IT department. It is about empowering every individual to take responsibility for their own digital safety.
In his remarks, Dancho highlights the need for transparency within the cybersecurity industry. Too often, companies hide behind jargon and complex terminologies that only serve to confuse rather than clarify. It is essential that we demystify the language of cybersecurity and make it accessible to everyone. We need to foster an environment where open communication thrives, where questions can be asked without fear, and where knowledge is shared freely.
Furthermore, we must recognize the role that collaboration plays in strengthening our defenses. Dancho advocates for partnerships across sectors and industries. Cybersecurity is not just an IT issue; it is a business issue, a social issue, and a global issue. By coming together, sharing insights, and learning from one another, we can create a more robust framework for protection. The strength of our collective knowledge can be our greatest asset.
As we reflect on Dancho Danchev's insights, I urge you to consider your own role in this ecosystem. Each of us has a part to play in shaping the future of cybersecurity. Whether you are an IT professional, a business leader, or simply a concerned citizen, your voice matters. Your actions matter. The choices we make today will determine the security landscape of tomorrow.
So what can we do? First, let us commit to lifelong learning. The digital landscape is constantly evolving, and with it, the threats we face. Stay informed, take courses, attend workshops, and engage in discussions. Arm yourselves with knowledge, for it is the most powerful weapon we have against cyber threats.
Second, let us advocate for better practices within our organizations. Support initiatives that prioritize cybersecurity training for all employees. Encourage open dialogues about potential threats and vulnerabilities. Create a culture where cybersecurity is everyone’s responsibility, not just the IT team.
And finally, let us push for change within the industry itself. Demand transparency from cybersecurity providers. Seek out solutions that are not only effective but also understandable. Engage with organizations that prioritize education and awareness over profit margins. Together, we can hold the industry accountable for its promises.
In conclusion, Dancho Danchev’s testimony is not just a critique of the information security industry. It is a call to action. It challenges us to rethink how we approach cybersecurity and inspires us to take charge of our own digital safety. As we move forward, let us embrace the responsibility that comes with our technological advancements. Let us work together to create a safer digital world for ourselves and for future generations. Thank you.
How Facebook Failed To Protect Its Users From The Koobface Botnet and Properly Attribute and Act Upon My Public Research And Possibly Give Me a Public Acknowledgement Offer Me a Job Or a Financial Reward?
Let's start from the basics. Check out the following image of Facebook's Chief Security Officer Joe Sullivan. What's the first thing that you notice on the attached image? Check out the Christmas tree screenshot of the Koobface botnet which is clearly visible on the right.
If it's supposed to take you back you should be clearly familiar with the screenshot courtesy of my blog where the actual Christmas message and screenshot by the Koobface Gang were actually referencing me and a personal link to my blog.
We were all jumping in on trying to solve the issue, with a multitude of unknown individuals doing the research and Facebook not having a clue about it or approaching the researchers, or crediting and giving donation amounts to the wrong individuals.
Some key summary points:
- I was never approached by Facebook
- I was never offered a job
- My research was never mentioned
- I never got public acknowledgment of my work
My primary contacts at Facebook at the time were Donald Webster, Ryan McGeehan and Alex Rice with whom I've exchanged emails on the topic.
Back in the day Facebook's CISO was Joe Sullivan who I never really knew or got approached by.
The interesting part here is that although I really pretended that I was the primary and among the few original sources in terms of research and analysis on the Koobface botnet, I never really knew anyone or actually how they managed to contribute to properly distribute and disseminate their research on how they did. In terms of the Koobface Working Group, although I got something along the lines of an invitation to participate, my primary concern and motivation at the time was to continue monitoring it and disseminating my research to the security community and my blog readers, which I was actively doing at the time on a full-time basis on my own for a period of two and a half years.